Hi, here is a diff for the www page: openssh/security.html
Change some URLs to those on archive.org (and other site) Right? ---- Index: openssh/security.html =================================================================== RCS file: /cvs/www/openssh/security.html,v retrieving revision 1.64 diff -u -r1.64 security.html --- openssh/security.html 25 Apr 2020 17:17:28 -0000 1.64 +++ openssh/security.html 9 Jun 2020 23:00:35 -0000 @@ -121,7 +121,7 @@ <li><p><b>February 23, 2009:</b><br> OpenSSH prior to version 5.2 is vulnerable to the protocol weakness described in - <a href="http://www.cpni.gov.uk/Docs/Vulnerability_Advisory_SSH.txt">CPNI-957037 "Plaintext Recovery Attack Against SSH"</a>. + <a href="https://web.archive.org/web/20101221213113/http://www.cpni.gov.uk/Docs/Vulnerability_Advisory_SSH.txt">CPNI-957037 "Plaintext Recovery Attack Against SSH"</a>. However, based on the limited information available it appears that this described attack is infeasible in most circumstances. For more information please refer to the @@ -197,7 +197,7 @@ "September 16, 2003: OpenSSH Buffer Management bug", <a href="https://www.openssh.com/txt/buffer.adv">OpenSSH Security Advisory</a> and CERT Advisory - <a href="http://www.cert.org/advisories/CA-2003-24.html">CA-2003-24</a>. + <a href="https://resources.sei.cmu.edu/asset_files/WhitePaper/2003_019_001_496200.pdf#%5B%7B%22num%22%3A327%2C%22gen%22%3A0%7D%2C%7B%22name%22%3A%22XYZ%22%7D%2C106%2C701%2C0%5D">CA-2003-24</a>. <li><p><b>August 1, 2002:</b><br> OpenSSH version 3.2.2p1, 3.4p1 and 3.4 were trojaned on the 
@@ -277,7 +277,7 @@ <li><p><b>September 2, 2000:</b><br> OpenSSH 2.2.0 and newer are not vulnerable to the "Feb 7, 2001: SSH-1 Session Key Recovery Vulnerability", - CORE-SDI Advisory CORE-20010116. OpenSSH imposes limits on the + <a href="https://web.archive.org/web/20010214092544/http://www.core-sdi.com/advisories/ssh1_sessionkey_recovery.htm">CORE-SDI Advisory CORE-20010116</a>. OpenSSH imposes limits on the connection rate, making the attack unfeasible. Additionally, the Bleichenbacher oracle has been closed completely since January 29, 2001. @@ -291,7 +291,7 @@ <li><p>OpenSSH was never vulnerable to the "Feb 5, 2001: SSH-1 Brute Force Password Vulnerability", - <a href="http://www.crimelabs.net/">Crimelabs Security Note CLABS200101</a>. + <a href="https://web.archive.org/web/20010308153603/http://www.crimelabs.net/docs/sshd1-logging.txt">Crimelabs Security Note CLABS200101</a>. <li><p>OpenSSH was not vulnerable to the RC4 cipher <a href="http://www.kb.cert.org/vuls/id/565052">password cracking</a>, @@ -323,7 +323,7 @@ <li><p>OpenSSH has the SSH 1 protocol deficiency that might make an insertion attack difficult but possible. The CORE-SDI - <a href="http://www2.corest.com/common/showdoc.php?idx=131&idxseccion=10">deattack mechanism</a> + <a href="https://web.archive.org/web/20070814045200/http://www2.corest.com/common/showdoc.php?idx=131&idxseccion=10">deattack mechanism</a> is used to eliminate the common case. SSH 1 protocol support is disabled by default. </ul>
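Review bot: In the hunk at @@ -197,7, the new href for CA-2003-24 ends in a long percent-encoded fragment (#%5B%7B%22num%22%3A327...), which looks like a destination copied out of a PDF viewer rather than a stable anchor, so it may not resolve the same way in other viewers. The target is also a PDF under asset_files/WhitePaper rather than the advisory page the link text names, so the reader lands in a different document. Consider dropping the fragment, or linking to a web.archive.org snapshot of the original http://www.cert.org/advisories/CA-2003-24.html if one exists, which would match the approach taken in the other hunks.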
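Review bot: In the hunk at @@ -277,7, the added line keeps "OpenSSH imposes limits on the" after the closing </a>, which makes it far longer than the surrounding lines; break the line after the anchor so the paragraph keeps its existing wrapping. This hunk also adds a link where the old text had none (CORE-SDI Advisory CORE-20010116 was plain text), which goes beyond "Change some URLs" in the description, so it is worth saying so in the commit message.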
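Review bot: In the hunk at @@ -291,7, the Crimelabs href moves from the site root (http://www.crimelabs.net/) to a specific file, docs/sshd1-logging.txt, so this is a retarget and not only an archive swap; please confirm that file is the note the link text calls CLABS200101. The context line just below still points at http://www.kb.cert.org/vuls/id/565052 over plain http and is left untouched, so if the goal is to fix stale links it should be checked in the same pass.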
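Review bot: In the hunk at @@ -323,7, the href on the changed line still carries a raw ampersand in the query string (showdoc.php?idx=131&idxseccion=10). Since the line is being rewritten anyway, write it as &amp;idxseccion=10 so the attribute value is unambiguous to HTML parsers and validators.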